SixApart发布了新的安全补丁,各个版本系列都有同样的问题。
http://movabletype.org/news/2013/11/movable_type_601_529_and_5161_released_to_close_security_vul.html
The Rich Text Editor in previous versions of Movable Type 6 and Movable Type 5 are susceptible to cross-site scripting (XSS) attacks.
所以这里,作为几乎是我最后一个基于MovableType的blog,也马上升级了。